
<!DOCTYPE HTML>
<html lang="zh-CN">
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>四、安全规约 · GitBook</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        
        
        
    
    <link rel="stylesheet" href="gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-prism/prism.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
        <link rel="stylesheet" href="styles/website.css">
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon">

    
    
    <link rel="prev" href="单元测试.html" />
    

    </head>
    <body>
        
<div class="book">

    <div class="book-body">
        
            <div class="body-inner">
                
                    

<div class="book-header" role="navigation">
    

    <!-- Title -->
    <h1>
        <i class="fa fa-circle-o-notch fa-spin"></i>
        <a href="." >四、安全规约</a>
    </h1>
</div>




                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <h2 id="&#x56DB;&#x3001;&#x5B89;&#x5168;&#x89C4;&#x7EA6;">&#x56DB;&#x3001;&#x5B89;&#x5168;&#x89C4;&#x7EA6;</h2>
<ol>
<li>【强制】隶属于用户个人的页面或者功能必须进行权限控制校验。
<br><span style="color:orange">说明</span>：防止没有做水平权限校验就可随意访问、修改、删除别人的数据，比如查看他人的私信内容、修改他人的订单。</li>
<li>【强制】用户敏感数据禁止直接展示，必须对展示数据进行脱敏。
<br><span style="color:orange">说明</span>：个人手机号码显示为:158****9119，隐藏中间4位，防止隐私泄露。</li>
<li>【强制】用户输入的SQL参数严格使用参数绑定或者METADATA字段值限定，防止SQL注入，禁止字符串拼接SQL访问数据库。</li>
<li>【强制】用户请求传入的任何参数必须做有效性验证。
<br><span style="color:orange">说明</span>：忽略参数校验可能导致：<ul>
<li>page size过大导致内存溢出</li>
<li>恶意order by导致数据库慢查询</li>
<li>任意重定向</li>
<li>SQL注入</li>
<li>反序列化注入</li>
<li>正则输入源串拒绝服务ReDoS
<br><span style="color:orange">说明</span>：Java代码用正则来验证客户端的输入，有些正则写法验证普通用户输入没有问题，但是如果攻击人员使用的是特殊构造的字符串来验证，有可能导致死循环的结果。</li>
</ul>
</li>
<li>【强制】禁止向HTML页面输出未经安全过滤或未正确转义的用户数据。</li>
<li>【强制】表单、AJAX提交必须执行CSRF安全过滤。
<br><span style="color:orange">说明</span>：CSRF(Cross-site request forgery)跨站请求伪造是一类常见编程漏洞。对于存在CSRF漏洞的应用/网站，攻击者可以事先构造好URL，只要受害者用户一访问，后台便在用户不知情情况下对数据库中用户参数进行相应修改。</li>
<li>【强制】在使用平台资源，譬如短信、邮件、电话、下单、支付，必须实现正确的防重放限制，如数量限制、疲劳度控制、验证码校验，避免被滥刷导致资损。
<br><span style="color:orange">说明</span>：如注册时发送验证码到手机，如果没有限制次数和频率，那么可以利用此功能骚扰到其它用户，并造成短信平台资源浪费。</li>
<li>【推荐】发贴、评论、发送即时消息等用户生成内容的场景必须实现防刷、文本内容违禁词过滤等风控策略。</li>
</ol>

                                
                                </section>
                            
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                
                
            
        
    </div>

    <script>
        // GitBook runtime bootstrap. Until the runtime script is loaded, `gitbook`
        // is a plain array used as a callback queue (presumably drained by
        // gitbook/gitbook.js, included further down — not shown here).
        var gitbook = gitbook || [];
        gitbook.push(function() {
            // Build-time page metadata: title/level, next and previous entries,
            // plugin configuration (github url, search/lunr limits, fontsettings),
            // the source file path and mtime, and the generator version.
            // NOTE(review): this is an inline script; a strict script-src CSP
            // would need a nonce or hash to allow it.
            gitbook.page.hasChanged({"page":{"title":"四、安全规约","level":"1.5","depth":1,"next":{"title":"五、MySQL数据库","level":"1.6","depth":1,"ref":"","articles":[{"title":"（一）建表规约","level":"1.6.1","depth":2,"path":"MySQL数据库/建表规约.md","ref":"MySQL数据库/建表规约.md","articles":[]},{"title":"（二）索引规约","level":"1.6.2","depth":2,"path":"MySQL数据库/索引规约.md","ref":"MySQL数据库/索引规约.md","articles":[]},{"title":"（三）SQL语句","level":"1.6.3","depth":2,"path":"MySQL数据库/SQL语句.md","ref":"MySQL数据库/SQL语句.md","articles":[]},{"title":"（四）ORM映射","level":"1.6.4","depth":2,"path":"MySQL数据库/ORM映射.md","ref":"MySQL数据库/ORM映射.md","articles":[]}]},"previous":{"title":"三、单元测试","level":"1.4","depth":1,"path":"单元测试.md","ref":"单元测试.md","articles":[]},"dir":"ltr"},"config":{"gitbook":"*","theme":"default","variables":{},"plugins":["book-summary-scroll-position-saver","github","prism","-sharing","-highlight"],"pluginsConfig":{"github":{"url":"https://github.com/alibaba/p3c"},"book-summary-scroll-position-saver":{},"prism":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"styles":{"website":"styles/website.css"}},"file":{"path":"安全规约.md","mtime":"2018-01-13T07:52:52.584Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2018-01-15T14:41:43.583Z"},"basePath":".","book":{"language":""}});
        });
    </script>
</div>

        
    <script src="gitbook/gitbook.js"></script>
    <script src="gitbook/theme.js"></script>
    
        
        <script src="gitbook/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-github/plugin.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search-engine.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
        
    

    </body>
</html>

